一键关闭服务器危险端口BAT文件安防篇

一键防勒索NSA,关闭服务器危险端口,135,137,138,139,445,593,1024

@echo off
color 1f
title 一键防勒索NSA Fooher.com
echo.
echo.
echo 本批处理用于启动系统的防火墙并关闭常见的危险端口
echo.
echo 运维天涯 fooher.com 你不过如此制作
echo.
pause
cls
echo 正在启动防火墙 请稍候…
sc config SharedAccess start= auto >nul
net start SharedAccess >nul
echo 防火墙已经成功启动
echo.
echo 正在关闭常见的危险端口 请稍候…
echo.
echo 正在关闭135端口 请稍候…
netsh advfirewall firewall add rule name=135 protocol=TCP dir=in localport=135 action=block
echo 正在关闭137端口 请稍候…
netsh advfirewall firewall add rule name=137 protocol=TCP dir=in localport=137 action=block
echo 正在关闭138端口 请稍候…
netsh advfirewall firewall add rule name=138 protocol=TCP dir=in localport=138 action=block
echo 正在关闭139端口 请稍候…
netsh advfirewall firewall add rule name=139 protocol=TCP dir=in localport=139 action=block
echo 正在关闭445端口 请稍候…
netsh advfirewall firewall add rule name=445 protocol=TCP dir=in localport=445 action=block

echo 正在关闭593端口 请稍候…
netsh advfirewall firewall add rule name=593 protocol=TCP dir=in localport=593 action=block
echo.
echo 常见的危险端口已经关闭
echo.
REM 对445端口进行过滤 只允许部分主机访问
netsh ipsec static add policy name=foohercom
netsh ipsec static add filterlist name=deny
REM 添加筛选器到IP筛选器列表(不让别人访问)
netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA445 dstport=135 protocol=tcp mirrored=yes
netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA137 dstport=137 protocol=tcp mirrored=yes
netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA138 dstport=138 protocol=tcp mirrored=yes
netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA139 dstport=139 protocol=tcp mirrored=yes
netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA445 dstport=445 protocol=tcp mirrored=yes
netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA593 dstport=593 protocol=tcp mirrored=yes

REM 添加筛选器操作
netsh ipsec static add filteraction name=deny action=block
REM 创建一个链接指定 IPSec 策略、筛选器列表和筛选器操作的规则(加入规则到我的安全策略)
netsh ipsec static add rule name=拒绝规则 policy=foohercom filterlist=deny filteraction=deny
REM 激活我的安全策略
netsh ipsec static set policy name=foohercom assign=y
echo.
echo By: 运维天涯
echo.
echo.
echo.
echo 按任意键退出

pause>nul